[Zope3-dev] Re: ObjectHub should change data structure

Shane Hathaway shane@zope.com
Fri, 27 Jun 2003 16:36:07 -0400


Phillip J. Eby wrote:
> At 04:12 PM 6/27/03 -0400, Shane Hathaway wrote:
> 
>> Objects may have different URLs and different security restrictions 
>> depending on the path taken to access them.
> 
> Are you sure?  What good does this do?  I might agree that different 
> URLs might produce different views of the same underlying object, but 
> then it's the view that has the URL, not the object.

In the project I've been working on, a content editor is allowed to edit 
stories only in the context of certain sections, even though the stories 
exist in a central repository and may be shared with other sections and 
sites.  The story URL includes the section URL.  Content editors may 
look at stories in other sections but may not edit them.

> As for security, it sounds to me like an invitation to security holes to 
> have more than one interpretation of an object's restrictions, depending 
> on how you retrieve it.

The security in this application does not need to be bulletproof.  In 
fact, minor holes are preferred over excessive restrictions.

That said, I just came up with three ways (listed in an earlier email) 
to retain dynamic context independently of any decisions regarding 
parent references.  Therefore, I don't have any objection to storing 
parent references persistently.

Shane
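
The arrangement described in this message (shared stories, edit rights tied to the section in the URL), sketched as an added example that is not part of the original post and does not use Zope's API. The repository layout, section names, users and function names are all hypothetical; `effective_editors` shows the audit view that makes the path-dependent permissions explicit.

```python
# Hypothetical model (not Zope's API): a central story repository, with
# sections that share stories and name their own editors. Constructed data.
REPOSITORY = {"story-42": {"body": "draft"}}
SECTIONS = {
    "news": {"stories": {"story-42"}, "editors": {"alice"}},
    "sports": {"stories": {"story-42"}, "editors": {"bob"}},
}

def traverse(url):
    """Resolve /<section>/<story> to (section, story_id), the access context."""
    parts = [p for p in url.split("/") if p]
    if len(parts) != 2:
        raise LookupError(url)
    section, story_id = parts
    if story_id not in SECTIONS.get(section, {}).get("stories", ()):
        raise LookupError(url)
    if story_id not in REPOSITORY:
        raise LookupError(url)
    return section, story_id

def allowed(user, action, context):
    """Anyone may view; editing depends on the section in the access path."""
    section, _story_id = context
    if action == "view":
        return True
    return action == "edit" and user in SECTIONS[section]["editors"]

def edit(user, url, body):
    """Edit through a URL; the change lands on the one shared object."""
    context = traverse(url)
    if not allowed(user, "edit", context):
        raise PermissionError(f"{user} may not edit {url}")
    REPOSITORY[context[1]]["body"] = body

def effective_editors(story_id):
    """Audit view: union of editors over every path that reaches the story."""
    return {user for s in SECTIONS.values() if story_id in s["stories"]
            for user in s["editors"]}

if __name__ == "__main__":
    print(allowed("alice", "edit", traverse("/news/story-42")))
    print(allowed("alice", "edit", traverse("/sports/story-42")))
    print(sorted(effective_editors("story-42")))
```

Because the story is a single shared object, an edit accepted through one section's URL is visible through every other section that includes it, so the set of people who can change it is the union over all paths.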